1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.eclipse.aether.generator.gnupg.loaders;
20  
21  import javax.inject.Named;
22  import javax.inject.Singleton;
23  
24  import java.io.IOException;
25  import java.nio.file.Files;
26  import java.nio.file.Path;
27  import java.nio.file.Paths;
28  
29  import org.bouncycastle.util.encoders.Hex;
30  import org.eclipse.aether.RepositorySystemSession;
31  import org.eclipse.aether.generator.gnupg.GnupgConfigurationKeys;
32  import org.eclipse.aether.generator.gnupg.GnupgSignatureArtifactGeneratorFactory;
33  import org.eclipse.aether.util.ConfigUtils;
34  import org.eclipse.sisu.Priority;
35  import org.slf4j.Logger;
36  import org.slf4j.LoggerFactory;
37  
38  import static org.eclipse.aether.generator.gnupg.GnupgConfigurationKeys.CONFIG_PROP_KEY_FINGERPRINT;
39  
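/**
 * Loader that takes the key ring file location and the key fingerprint from session configuration.
 * <p>
 * It is registered under the name {@value #NAME} with priority 20. Both methods return {@code null}
 * when the configuration does not yield a usable value.
 * <p>
 * NOTE(review): this loader performs no ownership or permission check on the key file, and
 * {@link Files#isRegularFile} follows symbolic links. Protecting the file that holds signing key
 * material is left to the environment.
 */
@Singleton
@Named(GpgConfLoader.NAME)
@Priority(20)
@SuppressWarnings("checkstyle:magicnumber")
public final class GpgConfLoader implements GnupgSignatureArtifactGeneratorFactory.Loader {
    public static final String NAME = "conf";

    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Maximum file size allowed to load (as we load it into heap).
     * <p>
     * This barrier exists to prevent us from loading big/huge files, if this code is pointed at one
     * (by mistake or by malicious intent). Files must be strictly smaller than this value, so the
     * largest accepted file is 64,000 bytes.
     *
     * @see <a href="https://wiki.gnupg.org/LargeKeys">Large Keys</a>
     */
    private static final long MAX_SIZE = 64 * 1000 + 1L;

    /**
     * Reads the configured key file into memory.
     * <p>
     * The path comes from {@link GnupgConfigurationKeys#CONFIG_PROP_KEY_FILE_PATH}, falling back to
     * {@link GnupgConfigurationKeys#DEFAULT_KEY_FILE_PATH}. A relative path is resolved against the
     * {@code user.home} system property.
     *
     * @param session the session whose configuration is consulted
     * @return the file content, or {@code null} if the path is not a regular file or the file is
     *         not smaller than {@link #MAX_SIZE}
     * @throws IOException if the file cannot be inspected or read
     */
    @Override
    public byte[] loadKeyRingMaterial(RepositorySystemSession session) throws IOException {
        Path keyPath = Paths.get(ConfigUtils.getString(
                session,
                GnupgConfigurationKeys.DEFAULT_KEY_FILE_PATH,
                GnupgConfigurationKeys.CONFIG_PROP_KEY_FILE_PATH));
        if (!keyPath.isAbsolute()) {
            keyPath =
                    Paths.get(System.getProperty("user.home")).resolve(keyPath).toAbsolutePath();
        }
        if (!Files.isRegularFile(keyPath)) {
            return null;
        }
        // Cheap pre-check: refuse an oversized file without opening it.
        if (Files.size(keyPath) >= MAX_SIZE) {
            logger.warn("Refusing to load file {}; is larger than 64 kB", keyPath);
            return null;
        }
        // The size above is only a snapshot; the file may be replaced or grow before it is read.
        // Bounding the read itself keeps the cap effective in that case too.
        byte[] material = readBounded(keyPath, (int) MAX_SIZE);
        if (material == null) {
            logger.warn("Refusing to load file {}; is larger than 64 kB", keyPath);
        }
        return material;
    }

    /**
     * Reads a file while never buffering more than {@code limit} bytes.
     *
     * @param file the file to read
     * @param limit the exclusive upper bound on the accepted content length
     * @return the content if it is shorter than {@code limit} bytes, otherwise {@code null}
     * @throws IOException if the file cannot be opened or read
     */
    private static byte[] readBounded(Path file, int limit) throws IOException {
        byte[] buffer = new byte[limit];
        int total = 0;
        try (java.io.InputStream in = Files.newInputStream(file)) {
            while (total < limit) {
                int read = in.read(buffer, total, limit - total);
                if (read < 0) {
                    break;
                }
                total += read;
            }
        }
        if (total >= limit) {
            // Buffer filled completely: the content is at least `limit` bytes long.
            return null;
        }
        byte[] content = new byte[total];
        System.arraycopy(buffer, 0, content, 0, total);
        return content;
    }

    /**
     * Decodes the configured key fingerprint.
     * <p>
     * The value of {@link GnupgConfigurationKeys#CONFIG_PROP_KEY_FINGERPRINT} is trimmed and must
     * then consist of exactly 40 hexadecimal digits (20 bytes once decoded).
     *
     * @param session the session whose configuration is consulted
     * @return the decoded fingerprint, or {@code null} if none is configured
     * @throws IllegalArgumentException if a fingerprint is configured but is not 40 hex digits
     */
    @Override
    public byte[] loadKeyFingerprint(RepositorySystemSession session) {
        String keyFingerprint = ConfigUtils.getString(session, null, CONFIG_PROP_KEY_FINGERPRINT);
        if (keyFingerprint == null) {
            return null;
        }
        // Validate and decode the same trimmed value. Checking the alphabet as well as the length
        // means a malformed setting always fails here with IllegalArgumentException, and a
        // successful decode is always exactly 20 bytes.
        String candidate = keyFingerprint.trim();
        if (!candidate.matches("[0-9a-fA-F]{40}")) {
            throw new IllegalArgumentException(
                    "Key fingerprint configuration is wrong (hex encoded, 40 characters)");
        }
        return Hex.decode(candidate);
    }
}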